
Category: Uncategorised

Introduction to Automated Security Testing with OWASP Zap, Dependency Checker and Glue.

Security testing can be really time-consuming. Ever tried to organise a penetration test for your website? It is expensive! For my current client, we wanted to think about how much security testing could be done ahead of time, in an automated way: not as a replacement for professional penetration testing, but as a way to gain some confidence before that stage that we are catching issues as early as we can. I did this by adding automated security tests for common issues in our codebase, for example insecure dependencies or API endpoints that are vulnerable to SQL injection attempts.…

Quickstart: Try Static Analysis with SonarQube and Docker

Recently I started a new contract and was in the rare position of joining a team before the developers! Without a team producing work, I wanted to think about ways to get the team off to a good start. My last post was about static analysis with SonarQube. I love static analysis tools: they are like an additional tester on your team, and when the results are taken in the context of the wider effort they can be really valuable. Below I want to show you how to set up a quick proof-of-concept SonarQube server to discuss with…